
hidin shit

Name: Anonymous 2010-12-16 3:38

How "difficult" is it to reverse engineer, for example, a C program? I ask because I'm wondering how easy it would be to conceal information within one.

Name: Anonymous 2010-12-16 3:59

reverse engineer as in what?
mess around with binaries?

Name: VIPPER 2010-12-16 4:03

>>1
Depends a lot on the program and compiler. C should be the easiest of all because it is relatively low level.

There are a whole lot of methods to hide data inside a program, but I don't know many.

Also if you're serious about your shit you better be knowing ASM good and learn about program formats like ELF or PE.

Name: Anonymous 2010-12-16 4:25

>>2
Reproducing the source.

Name: Anonymous 2010-12-16 4:27

That depends. If your goal is not to get a full C listing, but simply to understand how a part works, then it's quite easy. Very easy in fact. Hardest part is probably division after the compiler optimized it to multiplication.
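
The division-to-multiplication pattern mentioned in the post above, shown as an added example that is not part of the thread: when reading a listing, a multiply by an odd-looking constant followed by a right shift is usually `x / d` for a constant `d`, and `d` can be recovered from the two constants. The function names are hypothetical, and the sketch covers only the unsigned 32-bit form where the constant fits in 32 bits (divisors such as 7 use a longer sequence with an extra add).

```c
#include <stdint.h>
#include <stdio.h>

/* What the compiler emits for x / d with constant d:
 * a 32x32->64 multiply by a "magic" constant, then a right shift. */
static uint32_t div_by_magic(uint32_t x, uint32_t magic, unsigned shift)
{
    return (uint32_t)(((uint64_t)x * magic) >> shift);
}

/* Recover d from the constants seen in a listing.
 * magic = ceil(2^shift / d), hence d = ceil(2^shift / magic).
 * shift is the total shift (32 for taking the high half, plus any shr).
 * Returns 0 when the inputs do not fit this form. */
static uint32_t recover_divisor(uint32_t magic, unsigned shift)
{
    if (magic == 0 || shift < 32 || shift > 63)
        return 0;
    uint64_t d = ((1ULL << shift) + magic - 1) / magic;
    return d > UINT32_MAX ? 0 : (uint32_t)d;
}

/* Confirm a guess: compare the magic sequence with real division
 * on boundary values and a strided sweep of the 32-bit range. */
static int matches_division(uint32_t magic, unsigned shift, uint32_t d)
{
    if (d == 0)
        return 0;
    const uint32_t edges[] = {0, 1, d - 1, d, d + 1, UINT32_MAX - 1, UINT32_MAX};
    for (size_t i = 0; i < sizeof edges / sizeof edges[0]; i++)
        if (div_by_magic(edges[i], magic, shift) != edges[i] / d)
            return 0;
    for (uint64_t x = 0; x <= UINT32_MAX; x += 65521)
        if (div_by_magic((uint32_t)x, magic, shift) != (uint32_t)x / d)
            return 0;
    return 1;
}

int main(void)
{
    /* Constructed sample: constants as they would appear after
     * "mul 0xCCCCCCCD" (high half kept) and "shr 3", total shift 35. */
    uint32_t magic = 0xCCCCCCCDu;
    unsigned shift = 35;
    uint32_t d = recover_divisor(magic, shift);
    printf("divisor = %u, verified = %d\n", d, matches_division(magic, shift, d));
    return 0;
}
```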

Name: Anonymous 2010-12-16 4:28

>>4
Reproducing the full source is possible, but nobody in their sane mind will do this.

Name: Anonymous 2010-12-16 4:32

>>6
How does the process of doing this work?

Name: Anonymous 2010-12-16 4:36

>>7
1) You purchase IDA Pro with the decompiler-to-C plugin
2) You run it against the .exe
3) You manually polish the garbage that IDA didn't manage to decompile.

something like that.

Name: Anonymous 2010-12-16 5:42

Easy if you know what you're doing.
>>8 is right that decompilers like Hexrays do make things easier, but I tend to prefer working with assembly listings for anything but trivial C.

Also OP, if you're the same person that asked for (made 2 threads):
- rootkit/process hiding help
- packer writing
I'll tell you again that anything that was made by man is easy to reverse engineer. You can make it harder, but the reality is that against a skilled reverse engineer, your program will be naked ;')

While I could give you tips on how to make my life (the reverser's) a hell, I wouldn't go giving them around to someone who obviously plans on making malware of some sort. The road you have chosen previously (new process unpacks into another process) is hardly a challenge for any non-newbie reverser.

Name: Anonymous 2010-12-16 9:45

This thread is a secret area of haxx

Name: Anonymous 2010-12-16 10:17

This thread is a saohq

Name: Anonymous 2010-12-16 13:13

>>9
Add sequences of bytes that would not form opcodes, or do what Themida does and create opcodes that the disassembler will have a hard time forming.

Name: Anonymous 2010-12-16 20:53

Back to REchan, please.
